Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Dec 2010 01:12:00 +0100
From:      Thomas Steen Rasmussen <thomas@gibfest.dk>
To:        freebsd-ports@freebsd.org
Subject:   Re: Security updates for packages?
Message-ID:  <4D0564D0.8080406@gibfest.dk>
In-Reply-To: <4D0559E5.4030409@FreeBSD.org>
References:  <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR%2B@mail.gmail.com> <4D0559E5.4030409@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
  On 13.12.2010 00:25, Doug Barton wrote:
> On 12/12/2010 12:28, Kevin Kreamer wrote:
>> Hi,
>>
>> Having not used FreeBSD for several years, I did a fresh install 
>> yesterday
>> of 8.1-RELEASE, and then used pkg_add -r to install several packages.  I
>> then came across portaudit, ran it, and it indicated that I had three
>> vulnerable packages (git, ruby, and sudo). Looking at
>> http://www.vuxml.org/freebsd/, it appears that these were reported in 
>> July,
>> August, and September respectively.
>
> How did you install the package?
>
>
He said he installed it using pkg_add -r, which will have pulled the 
package from
the 8.1-RELEASE repository which is quite old by now.

Kevin: You can set PACKAGESITE environment variable to a different path,
to get packages that are more up to date:

PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest 
pkg_add -r something

Hope this helps,

Thomas Steen Rasmussen



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D0564D0.8080406>